Posts tagged Rapid7 Perspective

3 min Rapid7 Perspective

Rapid7 Subscription Pricing Update

Pricing Evolves Bike pedals pumping, climbing up that last hill, the sun just starting to creep over the Atlantic ocean peeking out over my right shoulder, there was only one thing left before heading home and devouring a warm breakfast; deliver that last newspaper to the house on the top of the hill. Paper routes were once the only source of income for many of us pre-internet kids. Paid per delivery, the job was also about being your own salesperson, securing subscriptions, and more importantl

3 min Rapid7 Perspective

On Random Shell Generators

A couple days ago, AutoSploit.py [https://github.com/NullArray/AutoSploit] was released by a person named Real__Vector [https://twitter.com/Real__Vector]. It’s safe to say that it’s made some waves in the security Twitterverse, and a few people have asked us here at Rapid7 what we think about it given the project’s inclusion of Metasploit, so we figured a short blog might be in order. The debate around it is actually pretty nuanced. I don’t think anyone believes AutoSploit.py is 100% evil or 10

1 min Rapid7 Perspective

Rapid7's 2017 year in review

In 2017, Rapid7 expanded its footprint, gave back to the community, and took major steps in our mission to help IT and security professionals transform data into action by launching the Insight platform. Here’s a look back at some of the great things we accomplished with our teams, partners, and customers around the globe. Download Full Infographic PDF [https://information.rapid7.com/rs/411-NAK-970/images/rapid7_2017_timeline_.pdf] We’re not slowing down in 2018: Rapid7 teams around the world

5 min Rapid7 Perspective

Visions past and future: 2018 security predictions

Happy 2018, fellow humans (but not to you, bot army!). Like we've done in years before, we recently rounded up some of the best minds and most trenchant commentators the security industry has to offer and asked them to sum up the year gone by (whether good, bad, or ugly) and shed light on what's in store for the 363 days ahead. To see how our predictions fared in prior years, check out the 2015 [/2014/12/19/rapid7-perspectiverapid7-2014-infosec-retrospective-predictions-for-2015/] , 2016 [/2015/

2 min Public Policy

FCC Repeals Net Neutrality: What Now?

[Update 05/16/18: The US Senate passed a resolution [https://www.markey.senate.gov/imo/media/doc/CRA%20Net%20Neutrality%20.pdf], led by Sen. Ed Markey, to reject the FCC rule that repealed net neutrality. Rapid7 supports the resolution and other efforts to effectively reinstate net neutrality safeguards.] This week, Rapid7 hosted an event [https://www.rapid7.com/lp/net-neutrality/index.html] with Massachusetts’ Edward J. Markey and a number of Boston’s technology and business leaders to protest

5 min Rapid7 Perspective

Attention Humans: The ROBOT Attack

What’s the ROBOT Attack? On the afternoon of December 12, researchers Hanno Böck, Juraj Somorovsky, and Craig Young published a paper, website, testing tool, and CTF at robotattack.org [https://robotattack.org] detailing a padding oracle attack that affects the way cryptography is handled on secure websites. ROBOT, which stands for Return Of Bleichenbacher's Oracle Threat, details a weakness in the RSA encryption standard known as PKCS#1v1.5 that can ultimately allow an attacker to learn a secur

2 min Rapid7 Perspective

Standing with Massachusetts technology leaders in support of net neutrality

On Monday, Rapid7 will host Senator Edward J. Markey and a group of technology and business leaders from across Massachusetts as we stand in support of net neutrality. Together, we’ll affirm our commitment to a free and open internet that promotes growth and innovation and gives all users broad access to internet content. At the heart of net neutrality is the principle that internet service providers must treat all content transmitted across the internet equally. In practice, this means that IS

4 min Rapid7 Perspective

5 Tips for a Cyber Holiday Season

Five tips on how to approach security this holiday season with family and friends

4 min Rapid7 Perspective

Giving thanks for security improvements

We see a lot of bad news in security: hacks, attacks, breaches, bad choices—tiny flaws that lead to significant failures. As part of a community that’s naturally wary of wins, it can be a battle to remember how much progress we’ve made as an industry, and how exponentially that progress scales across a user population of billions. In the spirit of Thanksgiving, I asked a group of Rapid7 leaders and experts to name security improvements that have made computing safer over the years—for users, pra

5 min NCSAM

NCSAM Security Crash Diet, Week 2: Social and Travel

Rapid7 guinea pig 'Olivia' describes her efforts during week two of her security 'crash diet' for National Cyber Security Awareness Month. This week focused on social sharing and travel security.

4 min Rapid7 Perspective

Help! What’s going on?

Last month, we announced that we are evolving our community site, and we started directing our customers to two new resources: the Rapid7 blog [/] and the Help site [https://help.rapid7.com/]. We’ve heard that people like the new look and feel, but there has been some confusion and concern about the status of the forums. We want to thank everyone who has taken the time to provide feedback, and we also want to apologize for any inconvenience we may have caused while we’re in transition. This pos

3 min NCSAM

NCSAM: A Personal Security Crash Diet

We're kicking off National Cyber Security Awareness Month by getting a Rapid7 employee to test out the practicality of common security advice. Follow along throughout October.

2 min Vulnerability Management

Apache Struts S2-052 (CVE-2017-9805): What You Need To Know

Apache Struts, Again? What’s Going On? Yesterday’s Apache Struts vulnerability announcement [https://www.bleepingcomputer.com/news/security/new-apache-struts-vulnerability-puts-many-fortune-companies-at-risk/] describes an XML Deserialization issue in the popular Java framework for web applications. Deserialization of untrusted user input, also known as CWE-502 [https://cwe.mitre.org/data/definitions/502.html], is a somewhat well-known vulnerability pattern, and I would expect crimeware kits to

7 min Rapid7 Perspective

2017 Cybersecurity Horoscopes

What does 2017 hold for cybersecurity? Our mystics have drawn cards, checked crystal balls, and cast runes to peer into the future. See what the signs have in store for you in the new year. Sage Corey Thomas, Rapid7 Gazing into the future of 2017, I believe we will continue to see market consolidation of security vendors. With a focus on increasing productivity, organizations will move further from disparate, point-solutions that solve just one problem to solutions that can be leveraged through

4 min Rapid7 Perspective

Why Security Assessments are Often not a True Reflection of Reality

Inmates running the asylum. The fox guarding the henhouse. You've no doubt heard these terms before. They're clever phrases that highlight how the wrong people are often in charge of things. It's convenient to think that the wrong people are running the show elsewhere but have you taken the time to reflect inward and determine how this very dilemma might be affecting your organization? I see this happening all the time in terms of security assessments. In organizations both large and small, I se